Kevin Bostic
Adobe on Thursday confirmed that malicious parties had compromised its networks and potentially gleaned credit card and other personal information from the accounts of nearly three million users.
The creative software company revealed the breach in a post to its official blog. Adobe's security team recently discovered a number of "sophisticated attacks" on its network, with some of those attacks targeting customer information and source code for several Adobe products.
In all, the attackers are believed to have stolen information on 2.9 million Adobe account holders. That data includes customer names, encrypted credit and debit card numbers, expiration dates, and other customer order information. Adobe does not believe that decrypted credit or debit card numbers were removed from the network.
Adobe has contacted federal law enforcement for help in the investigation and is resetting passwords for affected accounts in order to prevent further unauthorized access. Owners of affected Adobe ID accounts will receive an email notification from Adobe with information on how to change their passwords.
The company also recommends that account holders affected by the attack change their passwords on any website where they may have signed up with the same login credentials.
On its end, Adobe has spread news of the breach to banks that process its payments, and is coordinating with payment card companies and card-issuing institutions to help protect customers' accounts. In addition, the company is extending a free one-year credit monitoring membership to those customers whose information was compromised.
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
39 Comments
I love how when corporate sites get hacked they always say that the credit cards are encrypted so it should be fine. If the hackers were into your database they likely owned your whole server and surly would have found the encryption key. It is not like they are MD5 hashed because they need to decrypt them every time they show you the check out shopping cart page so you can use the card on record.
On our e-commerce site we don't store any credit cards, not even the last four digits. The last four get emailed to the client but not saved. The full credit card goes to the merchant gateway and we never see it. I feel a lot safer not being responsible for the customers' credit cards. All these big sites like Amazon, Apple, Adobe want to keep the cards on file to make it easier for people to buy stuff but it comes at a risk.
Glad that I'm not a customer.
Besides Apple, bank accounts, stock brokers etc., I try not to keep any profiles with online retailers that store my credit card info.
I do order a lot of things from the net, from a whole bunch of different sites, and I usually always check out as guest, it doesn't take long to do, and I feel safer, because I don't want to create a profile and I don't want my credit card info being stored. You simply can not trust most sites to keep your info secure.
As a matter of fact, I just remembered that Amazon has one of my cards on file, so I just went there and deleted it, took less than 1 minute. I don't mind entering my CC details again next time I shop for something. And imagine having all of your personal and financial info stored and managed by the incompetent baboons in the govt? I am so damn glad that I do not have to sign up for any govt healthcare crap. I was just reading today how it might be a haven for hackers. And with the incompetent people working there, I do not doubt it for a second. They can't even manage a simple website.
One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.
With these stupid "software-as-service-which-isn't-really-a-service-but-we-market-it-as-service-anyway-because-we-make-more-money-that-way" scams that are more and more popular, all the customer data gets hoarded by a few major vendors, and they are magnificent targets, particularly in the case of companies like Adobe which don't know how to write decent code in the first place.
(PS: No, deriving mathematical algorithms for image processing is not the same as knowing how to write decent code, Adobe knows the former, but not the latter).
One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.
So where did you buy that box of Final Cut Pro X or Aperture or iWork? Apple stores your card just like Adobe and they are not immune from being hacked either. Just last month the dev site was down for a couple weeks due to hacked user profiles which probably included credit card info. To address your rant on Adobe not knowing how to code, I'm sure you have built a billion dollar software enterprise which clearly legitimizes the validity of your remarks.
[quote name="Apple ][" url="/t/159922/adobe-security-breach-compromises-2-9m-customer-accounts-encrypted-credit-card-data-stolen#post_2410951"]I usually always check out as guest, it doesn't take long to do, and I feel safer, because I don't want to create a profile and I don't want my credit card info being stored. You simply can not trust most sites to keep your info secure. [/quote] Guest accounts still create accounts. Even on big ecommerce platforms like magento. Unfortunately.